Take, for example, AWS STS tokens or JWT tokens.
Let's say node A got a token for accessing a resource of account X on behalf of account X. Access includes read/write privileges.
Let's say a few minutes later node A got compromised.
Nothing else knows that A got compromised.
Question 1: Account X is also compromised now. Correct?
Question 2: We will continue to provide renewed tokens for accessing account X to node A, because we have not yet detected that node A is compromised. Correct?
Question 3: What should we do to detect that node A is compromised?
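Added example, not part of the original post: one concrete way to approach the third question from the defender's side, and to tie it back to the second (whether to keep renewing). The idea is that the issuer keeps a ledger of which node each temporary credential was issued to (source address, session name), replays the cloud audit log, and flags any use of that credential that does not match the ledger; the renewal path then consults those findings before issuing the next token. The access key ids, IP addresses, user agents and CloudTrail-like records below are all constructed for the example; the field names mirror CloudTrail's `accessKeyId`, `sourceIPAddress`, `userAgent`, `eventName` and `eventTime`, but the ledger format and the functions `detect_anomalies`, `compromised_keys` and `should_renew` are assumptions of this example, not any AWS API.

```python
"""Detect misuse of temporary credentials issued to a node, and gate renewal on it.

Added example; not from the original post. Assumptions (labelled here and in
the lead-in): each node receives its own STS session (access key id starting
with "ASIA"), the issuer records the node and source IP the session was issued
to, and API calls are logged with key id, source IP, user agent and event name.
"""
from collections import defaultdict

# Constructed issuance ledger: which node each STS session was issued to.
ISSUED = {
    "ASIAEXAMPLEKEY000A": {"node": "A", "source_ip": "10.0.1.5", "session": "node-A"},
    "ASIAEXAMPLEKEY000B": {"node": "B", "source_ip": "10.0.1.6", "session": "node-B"},
}

# Constructed CloudTrail-style records (not real logs). The last two show the
# session issued to node A being used a few minutes later from a different
# address with a different client, which is what a stolen token looks like.
EVENTS = [
    {"accessKeyId": "ASIAEXAMPLEKEY000A", "sourceIPAddress": "10.0.1.5",
     "userAgent": "aws-sdk-go/1.44", "eventName": "GetObject",
     "eventTime": "2024-01-01T10:00:00Z"},
    {"accessKeyId": "ASIAEXAMPLEKEY000A", "sourceIPAddress": "10.0.1.5",
     "userAgent": "aws-sdk-go/1.44", "eventName": "PutObject",
     "eventTime": "2024-01-01T10:01:00Z"},
    {"accessKeyId": "ASIAEXAMPLEKEY000B", "sourceIPAddress": "10.0.1.6",
     "userAgent": "aws-sdk-go/1.44", "eventName": "GetObject",
     "eventTime": "2024-01-01T10:02:00Z"},
    {"accessKeyId": "ASIAEXAMPLEKEY000A", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.15", "eventName": "ListBuckets",
     "eventTime": "2024-01-01T10:05:00Z"},
    {"accessKeyId": "ASIAEXAMPLEKEY000A", "sourceIPAddress": "203.0.113.7",
     "userAgent": "aws-cli/2.15", "eventName": "GetObject",
     "eventTime": "2024-01-01T10:05:10Z"},
]


def detect_anomalies(events, issued):
    """Return a list of (access_key_id, reason, event_time) findings.

    Two checks, both cheap and both derivable from the issuance ledger:
      * source_ip_mismatch: the key was used from an address other than the
        one it was issued to;
      * user_agent_drift: the key was used by a client other than the first
        one seen for that key (the workload's baseline).
    """
    findings = []
    baseline_agent = {}
    for e in sorted(events, key=lambda x: x["eventTime"]):
        key = e["accessKeyId"]
        expected = issued.get(key)
        if expected is None:
            # A key we never issued: the ledger itself is incomplete or the
            # credential came from somewhere else entirely.
            findings.append((key, "unknown_key", e["eventTime"]))
            continue
        if e["sourceIPAddress"] != expected["source_ip"]:
            findings.append((key, "source_ip_mismatch", e["eventTime"]))
        agent = baseline_agent.setdefault(key, e["userAgent"])
        if e["userAgent"] != agent:
            findings.append((key, "user_agent_drift", e["eventTime"]))
    return findings


def compromised_keys(findings):
    """Collapse findings to the set of credentials that should be treated as stolen."""
    return {key for key, _reason, _time in findings}


def should_renew(access_key_id, findings, issued):
    """Renewal gate: refuse to mint a new token for a node whose current
    credential has been seen misused. This is the answer to 'will we keep
    renewing?': only if nothing in the audit log contradicts the ledger."""
    if access_key_id not in issued:
        return False
    return access_key_id not in compromised_keys(findings)


def node_status(events, issued):
    """Map node name -> 'suspect' or 'ok' for an operator dashboard."""
    bad = compromised_keys(detect_anomalies(events, issued))
    status = defaultdict(lambda: "ok")
    for key, meta in issued.items():
        status[meta["node"]] = "suspect" if key in bad else "ok"
    return dict(status)


if __name__ == "__main__":
    for f in detect_anomalies(EVENTS, ISSUED):
        print("finding:", f)
    print("node status:", node_status(EVENTS, ISSUED))
    print("renew A?", should_renew("ASIAEXAMPLEKEY000A", detect_anomalies(EVENTS, ISSUED), ISSUED))
```

The ledger is the important part: once the issuer remembers where each token went, the audit log becomes something you can check against rather than just read. In practice the same findings would also drive revocation (a short session lifetime plus a deny policy on the session name), which is why the renewal decision and the detector are kept together here.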